Re: Verifying authenticode signature using openssl API

2014-09-22 Thread Prasad Dabak
Well, I am a bit confused here. I am decrypting the signature using the RSA_public_decrypt function, passing it a public key with the RSA_PKCS1_PADDING option. For the primary signature, I get back a 35 byte value which is inclusive of the digestAlgorithm. It is in the v1.5 format that you mention.

Re: Verifying authenticode signature using openssl API

2014-09-22 Thread Jakob Bohm
Ok, look in the SignerInfo structure of the secondary signature. There is a separate field (digestEncryptionAlgorithm) indicating the OID of the signature algorithm. Look at this and see if it is different from the value in the outer signature, and look up the value online to see what it means.

Verifying authenticode signature using openssl API

2014-09-19 Thread Prasad Dabak
The RFC links helped. I am able to decrypt the encrypted digest and match it with the DigestInfo as explained in rfc2315. DigestInfo ::= SEQUENCE { digestAlgorithm DigestAlgorithmIdentifier, digest Digest } Digest ::= OCTET STRING I typically get back 35 byte decrypted digest

Re: Verifying authenticode signature using openssl API

2014-09-16 Thread Prasad Dabak
Hello, I am currently focusing on matching various digests that we talked about earlier in the thread. 1. Computing the hash of the executable (excluding the areas as defined by MS) and matching it with the value stored in spcIndirectData. This is straightforward and figured out. 2.

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Prasad Dabak
Thanks Jacob for an elaborate answer. Somehow I never received your response to my registered email address, hence the delay in responding. I have a few follow-up questions on your response. 1. So, encryptedDigest has no relation to the stored messageDigest? I thought it's an encrypted version of

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Jakob Bohm
On 09/09/2014 09:01, Prasad Dabak wrote: Thanks Jacob for an elaborate answer. Somehow I never received your response to my registered email address, hence delay in responding. This time I have CC-ed you in addition to the mail list. I have a few follow-up questions on your response. 1. So,

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Prasad Dabak
Thanks Jacob for your response. Very informative indeed! Thanks -Prasad Sent from my iPhone On 09-Sep-2014, at 10:05 pm, Jakob Bohm jb-open...@wisemo.com wrote: On 09/09/2014 09:01, Prasad Dabak wrote: Thanks Jacob for an elaborate answer. Somehow I never received your response to my

Re: Verifying authenticode signature using openssl API

2014-09-09 Thread Kyle Hamilton
http://msdn.microsoft.com/en-us/windows/hardware/gg463180.aspx is the spec for the Authenticode PE signature format. http://msdn.microsoft.com/en-us/gg463119 is the Microsoft PE and COFF Specification. Better download them now before they disappear, they appear to be deprecated in favor of

Re: Verifying authenticode signature using openssl API

2014-09-07 Thread Jakob Bohm
On 07/09/2014 05:43, Prasad Dabak wrote: Hello, Given a signed Windows portable executable, I want to programmatically verify two things using openssl APIs 1. Verify the digital signature. 2. Confirm that the executable is signed by a specific company using that company's public key. It

Verifying authenticode signature using openssl API

2014-09-06 Thread Prasad Dabak
Hello, Given a signed Windows portable executable, I want to programmatically verify two things using openssl APIs 1. Verify the digital signature. 2. Confirm that the executable is signed by a specific company using that company's public key. It seems that part (1) can be done by parsing